Export limit exceeded: 363449 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 45955 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 363449 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 47138 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (47138 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2004-2742 1 Businessobjects 1 Crystal Enterprise 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the report viewer in Crystal Enterprise 8.5, 9, and 10 allows remote attackers to inject arbitrary web script or HTML via script in the URL to a report (RPT) file.
CVE-2006-3211 1 Cjguestbook Project 1 Cjguestbook 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in sign.php in cjGuestbook 1.3 and earlier allows remote attackers to inject Javascript code via a javascript URI in an img bbcode tag in the comments parameter.
CVE-2004-2725 1 Aztek Forum 1 Aztek Forum 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Aztek Forum 4.0 allow remote attackers to inject arbitrary web script or HTML via (1) the search parameter in (a) search.php, (2) the email parameter in (b) subscribe.php, and (3) the return and (4) title parameters in (c) forum_2.php.
CVE-2006-1193 1 Microsoft 1 Exchange Server 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2000 SP1 through SP3, when running Outlook Web Access (OWA), allows user-assisted remote attackers to inject arbitrary HTML or web script via unknown vectors related to "HTML parsing."
CVE-2005-3511 1 Spymac 1 Spymac Web Os 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Spymac Web OS 4.0 allow remote attackers to inject arbitrary web script or HTML via (a) the blogs module, including the (1) curr parameter in index.php, (2) inspire, (3) system, or (4) title parameter in blog_newentry.php, (5) entry parameter in blog_newentry_comment.php, (6) entry parameter in blog_edit_entry.php, or (7) caldate parameter in blog.php; and (b) the notes module, including the (1) forwardid parameter in a noteform action; (2) del_folder parameter in a delete_folder action; (3) isread, (4) dateorder, (5) subjectorder, (6) curr, (7) fromorder, or (8) action parameters; (9) ppp or (10) totalreplies parameter in an Inbox action; (11) totalnotes parameter; or (12) touserid parameter in a noteform action.
CVE-2005-3496 1 Php Handicapper 1 Php Handicapper 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in PHP Handicapper allows remote attackers to inject arbitrary web script or HTML via the msg parameter to msg.php. NOTE: some sources identify a second vector in the login parameter to process_signup.php, but the original source says that it is for CRLF injection (CVE-2005-4712). Also note: the vendor has disputed CVE-2005-3497, and it is possible that the dispute was intended to include this issue as well. If so, followup investigation strongly suggests that the original report is correct.
CVE-2005-2981 1 Orionserver 1 Orion Application Server 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Orion 1.3.8 and 1.4.5 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly quoted in the resulting 404 error page.
CVE-2006-2618 1 Alstrasoft 1 Webhost Directory 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in (1) AlstraSoft Web Host Directory 1.2, aka (2) HyperStop WebHost Directory 1.2, might allow remote attackers to inject arbitrary web script or HTML via the "write a review" box. NOTE: since user reviews do not require administrator privileges, and an auto-approve mechanism exists, this issue is a vulnerability.
CVE-2003-0712 1 Microsoft 1 Exchange Server 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the HTML encoding for the Compose New Message form in Microsoft Exchange Server 5.5 Outlook Web Access (OWA) allows remote attackers to execute arbitrary web script.
CVE-2006-4712 1 Sage 1 Sage 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Sage 1.3.6 allow remote attackers to inject arbitrary web script or HTML via JavaScript in a content:encoded element within an item element in an RSS feed, as demonstrated by four example content:encoded elements that use XMLHttpRequest to read arbitrary local files, aka "Cross Context Scripting."
CVE-2006-0533 1 Cpanel 1 Cpanel 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in webmailaging.cgi in cPanel allows remote attackers to inject arbitrary web script or HTML via the numdays parameter.
CVE-2005-4247 1 Plogger 1 Plogger 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php in Plogger Beta 2 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchterms parameter.
CVE-2003-0624 1 Bea 1 Weblogic Server 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in InteractiveQuery.jsp for BEA WebLogic 8.1 and earlier allows remote attackers to inject malicious web script via the person parameter.
CVE-2005-4245 1 Snipegallery 1 Snipe Gallery 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in search.php in Snipe Gallery 3.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the keyword parameter.
CVE-2005-4190 1 Horde 1 Horde Application Framework 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework before 3.0.8 allow remote authenticated users to inject arbitrary web script or HTML via multiple vectors, as demonstrated by (1) the identity field, (2) Category and (3) Label search fields, (4) the Mobile Phone field, and (5) Date and (6) Time fields when importing CSV files, as exploited through modules such as (a) Turba Address Book, (b) Kronolith, (c) Mnemo, and (d) Nag.
CVE-2002-2296 1 Yabb 1 Yabb 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in YaBB.pl in Yet Another Bulletin Board (YaBB) 1 Gold SP 1 allows remote attackers to inject arbitrary web script or HTML via the num parameter.
CVE-2005-4386 1 Colony 4 Colony Cms, Colony E-commerce Cms, Colony Enterprise Cms and 1 more 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Colony CMS 2.75 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters.
CVE-2002-2278 1 Portail Web Php 1 Portail Web Php 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in mod_search/index.php in PortailPHP 0.99 allows remote attackers to inject arbitrary web script or HTML via the (1) $App_Theme, (2) $Rub_Search, (3) $Rub_News, (4) $Rub_File, (5) $Rub_Liens, or (6) $Rub_Faq variables.
CVE-2006-0706 1 Gastebuch 1 Gastebuch 2026-04-16 N/A
Cross-site scripting vulnerability in eintrag.php in Gästebuch (Gastebuch) before 1.3.3 allows remote attackers to inject arbitrary web script or HTML via the URL, which is used in the homepage parameter.
CVE-2000-1139 1 Microsoft 1 Exchange Server 2026-04-16 N/A
The installation of Microsoft Exchange 2000 before Rev. A creates a user account with a known password, which could allow attackers to gain privileges, aka the "Exchange User Account" vulnerability.